[jboss-jira] [JBoss JIRA] (WFLY-13439) CVE-2020-6950 jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-1437

CVE-2020-6950 jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-1437 ---------------------------------------------------------------------------------------------------------------------------------- Key: WFLY-13439 URL: https://issues.redhat.com/browse/WFLY-13439 Project: WildFly Issue Type: Bug Components: JSF Reporter: Farah Juma Assignee: Farah Juma Priority: Minor Labels: CVE-2020-6950, Security, SecurityTracking, pscomponent:jsf-impl Fix For: 20.0.0.Beta1 Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 https://bugzilla.redhat.com/show_bug.cgi?id=1805006 This was already fixed upstream: https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37... https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6b...